[AJECT] SurgeMail IMAP 3.9e vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx, vuldb@xxxxxxxxxxxxxxxxx
Subject: [AJECT] SurgeMail IMAP 3.9e vulnerability
From: João Antunes <jantunes@xxxxxxxxxxx>
Date: Wed, 17 Sep 2008 13:52:37 +0100
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:from:to :content-type:content-transfer-encoding:subject:mime-version:date :x-mailer:sender; bh=exvTbb6XWzhKkrXkcgRd7RrmNc3spEHAPOZ5C/ibU4M=; b=v+KkoI20Zwjn/l00zyipfMP8wMO6AiHZRpzYH+Rm9l6PLx6ZzQ1R1iuxpj3EgxHkxh VcGSOHWrpGHR7GTBtDtJTXSwVyl4ArAMZuFkWI6hEPDujJAj2w9hmuSImPs+hyDq3pSv 2YcjNQ/KBOSmq6GNiNidb6Auhp+M3N95nzxII=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:from:to:content-type:content-transfer-encoding:subject :mime-version:date:x-mailer:sender; b=u2lRWt5hE2wi04Urgjf/jWz01+sckylMlqB+ZlTTyZrIrvGAgklKNOdRTzdU9jJaDI benxiw1Eq/pdMGP8QtXiuOuDznaF7EvE3o22Cm3k+BqYmIGmgDOdP8Sfl/AIQTfvRt6s pibILwzLEAXF4Vd6Z/gQOqubCNC8Wy2ebeu2Y=
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Sender: João Antunes <jasantunes@xxxxxxxxx>

----------------------------------------
Synopsis
----------------------------------------

SurgeMail Mail Server 3.9e (Windows and Unix-based versions) isvulnerable to denial-of-service (DoS) attacks. The nature of the crashmay indicate a buffer overflow problem, but the developers claimedotherwise.The IMAP server abruptly crashes when processing an APPEND messagewith a large parameter.


Product: SurgeMail Mail Server
Version: 3.9e and probably the older versions
Vendor: NetWin (www.netwinsite.com)
Type: Denial-of-service
Risk: service disruption
Remote: Yes

Discovered by: João Antunes (AJECT -- Attack Injection Tool) on 04/Jun/2008

Exploit: Not Available
Solution: Not Available

Status: Developers were contacted and corrected the software inversion 3.9g2



----------------------------------------
Vulnerability Description
----------------------------------------
The vulnerability can be triggered by sending  the following messages:
A01 LOGIN username password
A01 APPEND Ax5000 (UIDNEXT MESSAGES)

This should crash both the windows and unix-based versions of the IMAPserver.

Successful exploitation results in a remote denial of service.

Prev by Date: Pidgin IM Client Password Disclosure Vulnerability.
Next by Date: Microsoft Internet Explorer DoS in Rendering Malicious PNG Files.
Previous by thread: Re: Pidgin IM Client Password Disclosure Vulnerability.
Next by thread: Microsoft Internet Explorer DoS in Rendering Malicious PNG Files.
Index(es):
- Date
- Thread